Transparency of data processing is often a requirement for compliance to legislation and/or business requirements. Furthermore, it has recognised as a key privacy principle, for example in the European Data Protection Directive.
Cloud services allow enterprises to outsource non-core aspects of their business to third parties. The complexity of the service provision eco-system may not be visible to an individual or business end user. However, it should ideally be possible to hold each provider accountable for how it manages, uses, and passes on data and other related information. As such, cloud service users may hand over valuable and sensitive information to cloud service providers without an awareness of what they are committing to or understanding of the risks, with no control over what the service does with the data, no knowledge of the potential consequences, or means for redress in the event of a problem.
The Cloud Accountability Project (or A4Cloud for short) focuses on the Accountability For Cloud and Other Future Internet Services as the most critical prerequisite for effective governance and control of corporate and private data processed by cloud-based IT services. The research being conducted in the project will increase trust in cloud computing by devising methods and tools, through which cloud stakeholders can be made accountable for the privacy and confidentiality of information held in the cloud. These methods and tools will combine risk analysis, policy enforcement, monitoring and compliance auditing. They will contribute to the governance of cloud activities, providing transparency and assisting legal, regulatory and socio-economic policy enforcement.
We present a transparency-enhancing tool in the form of a cryptographic scheme that enables data processors to inform users about the actual data processing that takes place on their personal data.
Accountability is likely to become a core concept in both the cloud and in new mechanisms that help increase trust in cloud computing. These mechanisms must be applied in an intelligent way, taking context into account and avoiding a one-size-fits-all approach.
Two types of modeling and simulation as service configuration problems are formally defined and their complexities are analyzed. Optimization and heuristic solutions for these configuration problems are introduced.
This paper is concerned with accountability in cloud ecosystems.
Join our Mailing List
For the latest information about Cloud Accountability Project please submit your email in the field below.